At the end of October, another data leak occurred from Facebook: unknown scammers sold access to users’ private messages, photos, and emails. Why are such leaks dangerous and what can attackers do with your data?
To begin with, let’s understand who, in principle, has access to your personal data (except for the police and other government agencies): contacts, passport information …
- Bank employees. Of course, when you opened an account, you filled out a questionnaire (or a bank employee filled it out for you). Maybe they opened a deposit or took a loan from another bank and already forgot about it, but the data still remained in the database.
- Postal employees. According to a good Russian tradition, when receiving a parcel or a registered letter, it was necessary to fill out a receipt. Fortunately, this tradition has recently been abolished.
- Operator company employees. Here we have included both mobile operators and Internet providers.
- Insurance company employees. No policy will be issued to you without presenting a passport.
- Private clinic staff. Medical care is a serious matter, and when concluding a contract for the provision of services, you also need a passport.
- Your company’s HR department. They, too, are supposed to know your data “on duty”.
- Hotel staff. When you check into another hotel, you always present documents.
As you can see, a huge number of people can even get access to your passport data – especially if they have some kind of selfish plans. What can we say about banal e-mail addresses and phone numbers!
What data is really being hunted?
First you need to understand, what kind of data are we talking about? “In itself, the concept of personal data is quite extensive,” recalls Artem Pogrebnyak, head of the DLP direction of the Information Security Center at Jet Infosystems, “For example, databases with thousands of email addresses cost only a few dollars and in most cases are of little interest to anyone.”
Names and phone numbers are much more valuable – numbers are often requested on sites for authorization, but some users do not hesitate to enter their real names with names. The same “kit” can be copied, for example, from a company’s address book.
“The leak of a database of employees with phone numbers and email addresses can be used to penetrate the company’s information systems or further personal fraud, as it allows you to contact a person personally, get in touch with him, force him to open an infected link, or get other valuable information” Artem warns.
Can I get a loan using someone else’s passport?
Here you need to understand that sending you SMS or even making a call to your number spammers are practically not responsible. The maximum that threatens them is a fine (for more details, see our article “How to punish spammers who call with advertising?”). But those who try to make some kind of banking operation already fall under the article “Fraud” of the Criminal Code of the Russian Federation, which provides for imprisonment for up to 2 years. Therefore, anyone who has received your data will not get involved in serious stories.
“It’s quite difficult to get a loan at a bank branch or purchase a SIM card using someone else’s passport data,” Ivan Zakharov, IT director of the Non-State Pension Fund Consent, is sure, “This is due to the fact that both banks and operators are actively counteracting fraud.” .
As they say, it is difficult, but if you wish, you can. True, such a thing cannot be done alone – in fact, the fraudster must have certain connections. Here is what Aleksey Parfentiev, Leading Analyst at SearchInform, has to say about this:
“Passport data, indeed, can be used to issue microloans and SIM cards for another person. Moreover, copies and scanned copies are used for registration and re-registration of firms – all this is confirmed by practice. Since such actions require the owner of the passport with the original document, scammers involve a trusted notary or an employee of a bank, a mobile phone salon.
Your photos can also be used against you
Sometimes we ourselves willingly share our confidential data – it remains only to take and use it. There have been so many cases when the lucky ones flying on vacation posted their boarding passes on the social network, and then greatly regretted it.
No wonder: knowing your last name and ticket number, you can get into your own account. And, for example, to cancel the registration or flight – well, out of harm. It is much worse if the airline, when entering this data, gives full access to the account, which contains phone numbers, email address, passport and bonus card numbers.
How to protect your data from being used?
First of all, cultivate a culture of safe handling of sites and organizations. To get started, try to follow these three simple tips.
- When registering in an online store, it is not at all necessary to share your real name and surname – no one will check them.
- Try also not to keep in the public domain (for example, in cloud storage) scans and photocopies of personal documents.
- Set up a password or other authentication method on your smartphone. An unsecured smartphone is just a storehouse of useful information for criminals.
“We are too frivolous about the data, presenting them anywhere on demand,” says T.A. Kutsenko, lawyer at the Lawyer’s Office. The world community is striving to inform people as clearly as possible about why data is being collected from them, describe who will use it and how, and limit its processing to the goals stated during collection. For example, such provisions are provided by the General Data Protection Regulation (GDPR), which came into force in May 2018 in the European Union.”
How not to be deceived:
- Carefully! How customers are “bred” in service centers
- Online shopping: how to pay for online purchases safely?